- Home
- Health Information Privacy
Health Information Privacy
North Mississippi Medical Centers' and Clinics' Summary Notice of Privacy Practices
Effective Date: April 14, 2003
Este aviso describe cómo la información médica sobre usted puede ser utilizada y divulgada y cómo usted puede conseguir el acceso a esta información. Por favor revise con cuidado.
Si usted quiere, nosotros podemos hacer una copia de este aviso de la práctica de la privacidad disponible en espanol.
Mission Statement
To continuously improve the health of the people of our region.
North Mississippi Medical Centers and North Mississippi Medical Clinics ¹, (hereinafter collectively referred to as NMMC), are all dedicated to protecting your health information. We are required by law to maintain the privacy of protected health information and to provide you with this Notice of our legal duties and privacy practices with respect to protected health information.
What is this Notice?
This Notice of Privacy Practices describes how we may use and disclose your Protected Health Information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights regarding your Protected Health Information.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed by the U.S. Congress. One portion of HIPAA required Congress to enact privacy legislation that would address the following:
- The ways that patient information can be used and released by members of the health care system,
- The rights that patients have concerning their information and
- The responsibilities of providers and payers who use and release patient information.
The Department of Health and Human Services promulgated the "Privacy Rule" in December of 2000. The rule became effective on April 14, 2001, and must be implemented by April 14, 2003.
What is "protected health information"?
Protected Health Information or "PHI" (also known as "personal health information") is past, present and future information created or received by NMMC through its health care providers. It includes demographic information that may identify you and that relates to your past, present or future medical condition (physical or mental), the providing of health care to you, or payment for the health care treatment.
Who will follow this Notice?
This notice describes NMMC's practices and that of:
- Any health care professional authorized to enter information into your hospital chart.
- Any member of a volunteer group, vendor or third party we allow to help you while you are at a NMMC hospital or facility.
- All employees, staff, medical students, nursing students, other students, medical residents and other hospital and clinic personnel.
- All NMMC hospitals and clinics¹. In addition, NMMC hospitals and clinics may share medical information with each other for treatment, payment or hospital operation purposes described in this notice.
- Each NMMC hospital has an Organized Health Care Arrangement (OHCA) with its medical staff. This OHCA notice allows physicians and allied health care professionals to share PHI with other physicians and health care professionals in the hospital and/or clinic setting for treatment, payment or health care operations. The medical staff of each NMMC hospital consists of physicians and other allied health professionals who are credentialed to be on the medical staff of a NMMC hospital. Most of the physicians and allied health care professionals on the staff of a NMMC hospital are not hospital employees but are independent practitioners who have been granted the privilege of using a NMMC hospital for the care and treatment of patients. The physicians on the medical staff include but are not limited to anesthesiologists, pathologists, radiologists, internists, cardiologists, pulmonologists, oncologists, urologists, nephrologists, psychiatrists, pediatricians, surgeons and other specialists. When using PHI that is obtained for treatment of a patient at a NMMC hospital and for payment for these services, physicians on the staff of a NMMC hospital will follow the NMMC privacy practice. At their private offices, physicians will follow their own privacy practices for PHI created or maintained at their private offices. Physicians on the staff of North Mississippi Medical Clinics, Inc. are employees of North Mississippi Medical Clinics, Inc. and will follow this notice both at their clinic offices and at the NMMC hospital.
How does NMMC protect personal health information internally?
Access to PHI is restricted to only those employees, volunteers, staff, physicians and allied health professionals who need to provide services, products, or benefits to our patients. We maintain physical, technical and procedural safeguards to protect PHI against unauthorized use and disclosure. We have a Privacy Officer that is responsible for developing, educating NMMC personnel about, and overseeing the implementation and enforcement of policies.
North Mississippi Medical Center and North Mississippi Medical Clinics means North Mississippi Medical Center-Tupelo, North Mississippi Medical Center-West Point, North Mississippi Medical Center Gilmore-Amory, North Mississippi Medical Center-Hamilton, North Mississippi Medical Center-Pontotoc, North Mississippi Medical Center-luka, North Mississippi Medical Center-Eupora, North Mississippi Medical Clinics physician offices, North Mississippi Surgery Center and all North Mississippi Nursing Homes. These NMMC hospitals, nursing homes, clinics and surgery center are part of the North Mississippi Health Services system and are part of an Affiliated Healthcare Entity (AHE). This AHE may share your PHI for treatment, payment and health care operations. and procedures designed to safeguard PHI against inappropriate use and disclosure consistent with the applicable law.
Understanding Your Health Record/Information
A record of your visit is made each time you visit a hospital, physician, or other health care provider. Typically, this record contains your (PHI) symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This PHI, often referred to as your health or medical record, serves as a:
- basis for planning your care and treatment
- means of communication among the many health professionals who contribute to your care
- legal document describing the care you received
- means by which you or third-party payer can verify that services billed were actually provided
- tool in educating health professionals
- source of data for medical research
- source of information for public health officials charged with improving the health of the natio
- source of data for facility planning and marketing .
- tool with which we can assess and continually work to improve the care we render and the outcomes we achieve
Understanding what is in your record and how your PHI is used helps you to:
- ensure its accuracy
- better understand who, what, when, where, and why others may access your PHI
- make more informed decisions when authorizing disclosure to others
How We May Use and Disclose PHI About You
Your PHI may be used and disclosed by NMMC physicians (OHCA) employees, staff and others who are involved in your care and treatment. Your PHI may also be used and disclosed to obtain payment of your health care bills and to support NMMC health care operations. The following categories describe different ways that we use and disclose PHI. For each category of uses or disclosures, we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories.
1. Disclosures for Treatment, Payment and Health Care Operations
We may use and disclose your PHI in the following instances to treat you, obtain payment for treatment or for the health care operation of NMMC.
Examples include:
For Treatment. We may use PHI about you to provide you with medical treatment. We may disclose PHI about you to doctors, nurses, technicians, medical students, volunteers, other hospital employees, or other hospital personnel or agents who are involved in taking care of you at the hospital. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so that we can arrange for appropriate meals. We also may disclose PHI about you to people outside the hospital who may be involved in your medical care after you leave the hospital, such as nursing homes, home health agencies, physician offices, ambulance services, family members or others that provide services that are part of your care.
For payment. We may use PHI about you to obtain payment for medical treatment. For example: A bill may be sent to you or a third-party payer (Medicare, Medicaid or a private insurer). The information on or accompanying the bill may include information that identifies you, as well as your diagnoses, procedures, and supplies used so your third-party payer will pay us or reimburse us for the treatment. Another example is obtaining approval for a hospital stay that may require that your relevant PHI be discussed with the payer to obtain approval for hospital admission. We will attempt to obtain your consent on our admission agreement prior to sending a third party a bill.
For Health Care Operations. We may use PHI about you to operate NMMC. For example: Members of the medical staff, the risk or quality improvement manager, or members of the quality improvement team may use PHI in your medical record to assess the quality of your care and the outcomes in your case and to compare It to other similar treatments. Your PHI may be used in peer review of health care professionals to evaluate quality of care. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and service we provide.
Operations also include but are not limited to data and information systems management, legal services, auditing and accounting functions, business planning and development and general administrative activities.
In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician. We may also call you by name in the waiting room when your physician is ready to see you. We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment.
As part of health care operations, we will share your PHI with third parties or "Business Associates" that perform various activities (e.g., collections, transcription services) for NMMC. Whenever an arrangement between NMMC and a business associate involves the use or disclosure of your PHI, we should have a written contract that contains terms that will protect the privacy of your PHI. To protect your health information, we will require the business associate to appropriately safeguard your information.
NMMC's parent corporation, North Mississippi Health Services, is a Business Associate of NMMC and provides support services to NMMC hospitals and clinics such as accounting, auditing, marketing and other support services.
2. Permitted and required uses and disclosures that may be made with your consent, authorization or opportunity to object.
We may use and disclose your PHI in the following instances. You have the opportunity to agree or object to the use or disclosure of all or part of your PHI. If you are not present or able to agree or object to the use or disclosure of the PHI, then your physician may, using professional judgment, determine whether the disclosure is in your best interest. In this case, only the PHI that is relevant to your health care will be disclosed.
Examples include:
Directory. We will include general information including your name, location in the hospital, your condition described in general terms and your religious affiliation in a directory. The directory information, except for your religious affiliation, will be released to people who ask for you by name. Your religious affiliation may be given to members of the clergy, even if they do not ask for you by name. You may request not to be included in the directory or not to have information disclosed to clergy.
Family and Friends. Unless you object, we may disclose to your family members, other relatives or close personal friends the general medical information about your care. We will try to limit specific medical information about your care to those persons that are authorized by you or authorized by law to receive the information.
Media. Unless you object, we may disclose your general health status of good, fair or critical to the media, if we receive a specific inquiry asking for you by name.
Emergencies. We may use or disclose your PHI in an emergency treatment situation. If this happens, we shall try to obtain your acknowledgment as soon as reasonably practical after the delivery of treatment.
Disaster Relief Efforts. We may disclose your PHI to a public or private agency for the purpose of coordinating with that agency assistance in disaster relief efforts.
3. Permitted and Required Uses and Disclosures that may be made without your consent, authorization or opportunity to object.
We may disclose your PHI to certain Government agencies, oversight regulatory bodies, and in legal proceedings as required or allowed by law for public safety, government oversight and other permitted disclosures.
Examples include:
Public Health. We may use or disclose your PHI for public health activities, including the reporting of disease, communicable disease, injury, gunshot or stab wounds, vital events, poison control and the conduct of public health surveillance, investigation and/or intervention.
Avert a Serious Threat to Health or Safety. We may use and disclose health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Organ Procurement. If you are an organ donor or potential donor, we may disclose your PHI to an organ donation and procurement organization.
Health Oversight. We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, ombudsman investigations, licensure, disciplinary actions, and administrative and/or legal proceedings, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs and other government regulatory programs and civil rights laws.
Abuse or Neglect. We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse/neglect, domestic violence or abuse of the elderly. In addition, we may disclose your PHI if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration. We may disclose your PHI to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products; to enable recalls; to make repairs or replacements, or to conduct post marketing surveillance, as required.
Legal Proceedings (Lawsuits and Disputes). We may disclose PHI in the course of any judicial (civil lawsuit, criminal case) or administrative proceeding (Workers Compensation Commission, disability hearing), in response to an order of a court, administrative tribunal and in certain circumstances in response to a subpoena, discovery request or other lawful process.
Law Enforcement. We may also disclose PHI, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include: 1) legal processes and otherwise required by law; 2) limited information requests for identification and location purposes; 3) information about a victim of a crime; 4) suspicion that death has occurred as a result of criminal conduct; 5) in the event that a crime occurs on the premises of NMMC; 6) medical emergency and it is likely that a crime has occurred; and; 7) if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Coroners and Funeral Directors. We may disclose your PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose your PHI to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties.
Research. We may use or disclose your PHI when their research has been approved by an Institutional Review Board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
Military Activity and National Security. We may use or disclose PHI of individuals who are Armed Forces personnel: 1) for activities deemed necessary by appropriate military command authorities, 2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or 3) to foreign military authority if you are a member of that foreign military services. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others.
Workers' Compensation. Your PHI may be disclosed by us as authorized or required to comply with workers' compensation laws.
Inmates. We may disclose your PHI, if you are an inmate of a correctional facility, to the facility where you are an inmate in order that they know your health care needs.
Required Uses and Disclosures. Under the law, we must make disclosures about you when required by the Secretary of the Department of Health and Human Services, to investigate or determine our compliance with the requirements of the privacy regulations.
Fundraising Activities. We may use your PHI to contact you in an effort to raise money for NMMC hospitals and clinics and their operations. We may disclose medical information to a foundation related to NMMC (Health Care Foundation of North Mississippi) so that the Foundation may contact you in raising money for NMMC. We only would release contact information, such as your name, address and phone number and the dates you received treatment or services at the hospital. If you do not want NMMC or the Foundation to contact you for fundraising efforts, you must notify our Privacy Officer in writing.
Other Uses of PHI. Other uses and disclosures of your PHI not covered by this notice or the laws that apply to us will be made only with your written authorization. If you provide us authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of the care that we provided to you.
4. Your Rights
Following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights.
You have the right to inspect and obtain a copy of your PHI. This means you may inspect and obtain a copy, for a fee, of your medical record that is contained In a designated record set for as long as we maintain medical record (PHI). A “designated record set” contains medical and billing records and any other records that NMMC uses. We have thirty (30) days to respond to your request and may request a thirty (30) day extension in order to respond.
Under federal law, however, you may not inspect or obtain a copy of the following records: psychotherapy notes, information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding, and PHI that is subject to law that prohibits access to PHI.
Depending on the circumstances, a decision to deny access may be reviewable. In some circumstances, you may have a right to have this decision reviewed.
You have the right to request a restriction of your PHI. This means you may ask us not to use or disclose any part of your PHI for the purposes of treatment, payment or healthcare operations. For example, you may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care. Your request must state the specific restriction requested and to whom you want the restriction to apply.
We may deny your request if we find your request unreasonable, or that it interferes with your treatment, payment or health care operations.
You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable requests. We may deny unreasonable requests. We may also condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact.
You may have the right to request an amendment to your PHI. This means you may request an amendment of PHI about you in a designated record set for as long as we maintain this information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
You have the right to receive an accounting of certain disclosures we have made, if any, of your PHI. This right applies to disclosures for purposes other than treatment, payment or health care operations as described in this Notice of Privacy Practices. It excludes incidental disclosures or disclosures we may have made to you or authorized by you, for a facility directory, to family members or friends involved in your care, or for notification purposes. You have the right to receive specific information regarding these disclosures that occurred after April 14, 2003. You may request a shorter time frame. The right to receive this information is subject to certain exceptions, restrictions and limitations.
Accounting of disclosures would include, but are not limited to:
- Victims of abuse, neglect and domestic violence
- Required by law (FDA; court orders; gunshot wounds)
- Public health purposes (communicable diseases; CDC)
- Health oversight {compliance; civil/criminal investigations)
- Law enforcement purposes (where crime is suspected)
You have the right to obtain a paper copy of this Notice from us, upon request, even if you have agreed to accept this Notice electronically.
To Report a Problem or File a Complaint
If you believe your privacy rights have been violated, you can report a problem or file a complaint with the Privacy Officer of NMMC, 830 South Gloster Street, Tupelo, MS 38801 or phone (888) 246-2808 or with the Secretary of the U.S. Department of Health and Human Services. There will be no retaliation or denial of treatment for filing a complaint.
We reserve the right to change the terms of this Notice, making any revision applicable to all the PHI we maintain. If we revise the terms of this Notice, we will post a revised Notice at NMMC and will make paper copies of this Notice of Privacy Practices for Protected Health Information available upon request.
Request a copy of your medical records from North Mississippi Health Services.